CVE-2026-29771

6.5 MEDIUM

Netmaker makes networks with WireGuard

Published: 2026-03-07 · Last updated: 2026-05-18

Severity and scoring

CVSS: 6.5 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-404

Affected products

Vendor	Product
netmaker	netmaker

Description

Netmaker makes networks with WireGuard. Prior to version 1.2.0, the /api/server/shutdown endpoint allows termination of the Netmaker server process via syscall.SIGINT. This allows any user to repeatedly shut down the server, causing cyclic denial of service with approximately 3-second restart intervals. This issue has been patched in version 1.2.0.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-29771
[Vendor advisory]https://github.com/gravitl/netmaker/security/advisories/GHSA-rhr9-hgcm-x289

Related CVEs

Same vendor

CVE-2026-38651 — Authentication Bypass vulnerability exists in Netmaker versions prior to 1.5.0 (8.2 HIGH)
CVE-2023-32079 — Netmaker makes networks with WireGuard (8.8 HIGH)
CVE-2023-32078 — Netmaker makes networks with WireGuard (7.5 HIGH)
CVE-2023-32077 — Netmaker makes networks with WireGuard (7.5 HIGH)
CVE-2022-36110 — Netmaker makes networks with WireGuard (8.8 HIGH)

Same CWE

CVE-2026-47213 — Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to ru... (6.5 MEDIUM)
CVE-2026-11312 — A vulnerability was found in bytedance InfiniStore up to 0.2.33 (3.3 LOW)
CVE-2026-10802 — A vulnerability was detected in keystonejs keystone up to 20260319 (4.3 MEDIUM)
CVE-2026-10775 — A vulnerability was determined in sgl-project SGLang up to 0.5.11 (3.6 LOW)
CVE-2026-10705 — A flaw has been found in dask up to 3.0 (3.1 LOW)